UK banks SSL security

This page compares the SSL security of online banking websites of British banks. SSL (or more correctly TLS) is the encryption between your web browser and the bank’s web server. It protects against others reading or changing the page (a man-in-the-middle attack). This is particularly important if you use wifi in a public place.

Scores are from the SSL server test run by SSL Labs, and consider protocol support, certificates and signatures. It tests whether sites are vulnerable to attacks such as Heartbleed and Poodle.

The scores don’t assess:

  1. How you login to the websites, eg. whether you need a cardreader, what details someone else would need to login to your account. See Which? magazine.
  2. The security of banks’ internal computers and systems. See newspaper articles Hacking attack gang stole £1.3 million and Computer hacking gang ordered ATM machines to dispense money…
  3. Whether branch doors are left unlocked overnight


Last updated: 2016-10-26

Bank Grade
Barclays A-
Co-op A-
First Direct B
Halifax A
Lloyds A
Metro Bank A
Nationwide B
Natwest A
Santander A-
Smile A-
Tesco A
Facebook B
Gmail A
Twitter A+
Wikipedia A+

If you run a website and would like to improve its score, read the guide SSL and TLS Deployment Best Practices.